From 65e07ec8665e3f8e96084231adefd765101c9e5b Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Wed, 25 Dec 2019 17:19:17 -0500
Subject: Archive development backups

---
 tsig-keygen.py | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 tsig-keygen.py

(limited to 'tsig-keygen.py')

diff --git a/tsig-keygen.py b/tsig-keygen.py
new file mode 100644
index 0000000..cfa653f
--- /dev/null
+++ b/tsig-keygen.py
@@ -0,0 +1,41 @@
+#!/usr/bin/env python
+
+"""
+Pure Python TSIG key generator, with multiple output formats.
+"""
+
+import os, base64, argparse
+
+bind9_template = '''
+key "{name}" {{
+        algorithm = {algorithm};
+        secret = "{secret}";
+}};
+'''
+
+nsd_template = '''
+key:
+        name: "{name}"
+        algorithm: {algorithm}
+        secret: "{secret}"
+'''
+
+ap = argparse.ArgumentParser(description = __doc__)
+ap.add_argument("-f", "--format", choices = ("bind9", "nsd"))
+ap.add_argument("dnsname")
+ap.add_argument("output", type = argparse.FileType("w"), nargs = "?", default = "-")
+args = ap.parse_args()
+
+# For the moment this only supports hmac-sha256
+
+params = dict(
+    name = args.dnsname,
+    algorithm = "hmac-sha256",
+    secret = base64.b64encode(os.urandom(256 // 8)).decode("ascii"),
+)
+
+if args.format is None or args.format == "bind9":
+    args.output.write(bind9_template.format(**params))
+
+if args.format is None or args.format == "nsd":
+    args.output.write(nsd_template.format(**params))
-- 
cgit v1.2.3